Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to schedule a report email with a CSV attachment of search results every 4 hours?

Laya123
Communicator
‎06-28-2015 06:35 AM

Hi,

Can any one help me on how to schedule a report with an attachment (csv) and email to my boss every 4 hours with last 4 hours of search results? I used cron expression 0 */4 * * *, but it's not generating a report every 4 hours.

Example: Email a report for every 4 hours; first email has to be sent at 4am for the results of last 4 hours (1am - 4am). The second email has to be sent at 8am for the results of 5am to 8am

Please help me to do this

Thanks in advance

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-28-2015 06:46 AM

The cron syntax works like this.

.---------------- minute (0 - 59)
|  .------------- hour (0 - 23)
|  |  .---------- day of month (1 - 31)
|  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
|  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
|  |  |  |  |
*  *  *  *  *

To run your search every minute on 4 hour intervals (every minute within every 4th hour), use this cron.

* */4 * * *

To run your search once every 4 hours (on the zero minute), use this cron.

0 */4 * * *

You can also specify an enumerated list, if you need to drop off midnight (your example may mean this), like this:

0 4,8,12,16,20 * * *

View solution in original post

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-28-2015 06:46 AM

The cron syntax works like this.

.---------------- minute (0 - 59)
|  .------------- hour (0 - 23)
|  |  .---------- day of month (1 - 31)
|  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
|  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
|  |  |  |  |
*  *  *  *  *

To run your search every minute on 4 hour intervals (every minute within every 4th hour), use this cron.

* */4 * * *

To run your search once every 4 hours (on the zero minute), use this cron.

0 */4 * * *

You can also specify an enumerated list, if you need to drop off midnight (your example may mean this), like this:

0 4,8,12,16,20 * * *
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎07-06-2015 10:04 PM

Please "Accept" this answer.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎06-28-2015 10:42 AM

Yes, 0 */4 * * * will run once every four hours, at zero minutes past 0, 4, 8, 12, 16, 20.

0 Karma
Reply
Solved! Jump to solution

Laya123
Communicator
‎06-28-2015 07:42 AM

Hi,

I am bit confused can you tell me

0 */4 * * * - does this cron help to get an email every 4 hours?

Thanks

0 Karma
Reply
Solved! Jump to solution

Laya123
Communicator
‎06-28-2015 07:01 AM

Thanks for your immediate response

it means email will go for every 4hours with last 4hours of results right

Thanks

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎06-28-2015 11:12 AM

The "last 4 hours" part is controlled by the time specifier which should be -4h@h.

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...